Adobe exposed nearly 7.5 million Creative Cloud accounts to the public

[zanderthunder]

 

Graphic designers, video editors, and other creatives beware: Nearly 7.5 million Adobe Creative Cloud accounts were exposed to the public. 

 

The database containing the sensitive user info, discovered by security researcher Bob Diachenko and Comparitech, was accessible to anyone through a web browser.

 

The exposed user data for the nearly 7.5 million accounts included email addresses, the Adobe products they subscribed to, account creation date, subscription and payment status, local timezone, member ID, time of last login, and whether they were an Adobe employee.

 

While no passwords or financial information such as credit card numbers were exposed, the data is sensitive enough to cause real problems for Creative Cloud users.

It’s easy to see how a bad actor could use this data to create highly targeted and convincing phishing campaigns.

 

Adobe Creative Cloud includes industry standard software and some of the most popular apps for creatives such as Photoshop, Premiere, Illustrator, After Effects, InDesign, and more.

 

According to Comparitech, Diachenko immediately reached out to Adobe upon discovering the open database on Oct. 19. Adobe addressed the issue immediately and secured the database on the same day.

 

Diachenko believes the data was left exposed for about a week, however it’s unclear when the database first became publicly accessible or if there was any unauthorized access. 

 

Adobe was last hit with a major data leak in 2013 when a hacker gained access to 38 million customers' usernames, encrypted passwords, and credit card info.

 

Creative Cloud customers should be wary of any suspicious emails they receive claiming to be from the company.

 

Mashable has reached out to Adobe and will update this post when we hear back.

 

UPDATE: Oct. 25, 2019, 5:05 p.m. EDT Adobe reached out to Mashable to share the following statement posted to its website:

Quote

At Adobe, we believe transparency with our customers is important. As such, we wanted to share a security update.

 

Late last week, Adobe became aware of a vulnerability related to work on one of our prototype environments. We promptly shut down the misconfigured environment, addressing the vulnerability.

 

The environment contained Creative Cloud customer information, including e-mail addresses, but did not include any passwords or financial information. This issue was not connected to, nor did it affect, the operation of any Adobe core products or services.

 

We are reviewing our development processes to help prevent a similar issue occurring in the future.

 

Source: Adobe exposed nearly 7.5 million Creative Cloud accounts to the public (via Mashable)